mrochon / b2csamples

MIT License

Multi-tenant - provide UI for adding new IdPs #32

Closed mrochon closed 2 years ago

mrochon commented 2 years ago

Could I use IEFPolicies module or its logic to do it from the UI?

KawemeKowa commented 2 years ago

Hey mrochon, sorry I couldn't find an appropriate platform to ask this question so I will ask it here. I am using the Invitation policy you created for B2C Multitenant scenario. Right now I am able to prevent a user from using a different email to the one in the invitation token for local accounts. My issue is this check isn't being achieved for social accounts. For example, if I send an invitation to a Microsoft account I am able to sign in with a Google SSO account without the warning telling the user that the "Invitation is for a different email address". Is this because there is no Metadata for that message in the AAD-Common and Google-OAUTH Technical profiles in the Invitation.xml file?

mrochon commented 2 years ago

Have a look at this sample: InvitationRedemptionSocial.xml in mrochon/b2csamples: https://github.com/mrochon/b2csamples/blob/master/Policies/invitation/policy/InvitationRedemptionSocial.xml

Hope that gives you an idea how to do a combined policy.


KawemeKowa commented 2 years ago

Thank you, let me give this a try.